下面是 Nginx 正向代理配置:
server {
listen 443 ssl http2; # 监听443端口,并启用SSL
server_name www.test.com; # 替换为您的域名
# 指定SSL证书和私钥的位置
ssl_certificate /etc/nginx/certs/www.test.com.pem; # 证书文件路径
ssl_certificate_key /etc/nginx/certs/www.test.com.key; # 私钥文件路径
# 启用OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
# 可选:设置SSL协议和密码套件
ssl_protocols TLSv1.2 TLSv1.3; # 只允许安全的SSL协议
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
# 可选:启用HSTS(HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# 根目录和索引文件
root /usr/share/nginx/html;
index index.html index.htm;
client_max_body_size 200M;
# 代理配置(如果有)
location / {
# 代理到后端服务的配置
proxy_pass http://127.0.0.1:9522;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Host $host:$server_port;
}
}
# 重定向HTTP到HTTPS
server {
listen 80;
server_name www.test.com;
return 301 https://$server_name$request_uri;
}